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REMARKS/ARGUMENTS 

In view of the Request for Continued Examination, the amendments to the 
claims, and in view of the following remarks, reconsideration of the application is 
respectfully requested. 

1. Interview 

Initially, the Examiner is thanked for the courtesies extended during the 
interview of August 4, 2004. During the interview, claims 21-27 were discussed in 
regard to the prior art reference Atalla (U.S. Patent No. 4,315,101). More 
specifically, as for claims 21-26 and claim 28, the Examiner clarified that the term 
"upon" describes a temporal relationship between recited events in a process 
limitation and not a causal relationship. Furthermore, the Examiner seemed to imply 
that "upon" did not mean simultaneously, but rather "after". Therefore, for example, 
in Section (e) of claim 21, "upon the user's subsequent entry into the trusted 
environment, displaying the process identifier to the user through the trusted path", 
according to the Examiner, could be anticipated by a device which displayed a 
process identifier to a user through a trusted path after the user's subsequent entry into 
the trusted environment. More particularly, the Examiner indicated that if a user were 
to go into a trusted environment and find auditing records as disclosed by Atalla, such 
an action would display the previous "process identifier" such as "pay invoice 
number" or "money out". 

In order to further distinguish between the present invention and the Atalla 
reference which provides a signal 110 upon favorable comparison of two ACK-TRAC 
signals and also has auditable records wherein a user may return to a trusted 
environment, dig for such records, and once again retrieve such a signal, Applicants 
suggested adding the word "automatically" within paragraph (e) of claim 21 before 
the word "displaying". While the Examiner did tentatively indicate that such an 
amendment may be helpful in overcoming the current rejection and would be 
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favorably viewed, no official finding of patentability of the claims over the prior art of 
record was provided during the interview. 

In regard to claim 27, Applicants inquired as to whether or not the limitations 
of claim 27 were being interpreted in accordance with the Donaldson decision, and 
more particularly, under 35 U.S.C. §112, sixth paragraph, as means-plus-function- 
type claims. The Examiner responded that they were being considered as such, but 
his interpretation of the process was that Applicants ^must show the structure that the 
claim refers to in the specification which distinguishes from the prior art. Therefore, 
the Examiner indicated that, until such showing is made by the Applicants, the claims 
would not be interpreted with regard to the specification. 

2. Amendments 

Partially in response to the Examiner's rejection and also in response to 
comments made by the Examiner in the interview, claims 21 and 27 have been 
amended. More particularly, claim 2 1 has been amended to indicate that the method 
steps are conducted in sequence and the displaying of the process identifier in 
paragraph (e) is done automatically upon the user's subsequent entry into the trusted 
computing environment. Further, the display is stated to be performed so that the user 
is assured that the trusted path has been established. Support for this amendment can 
be found on page 31, lines 5-11, and page 32, lines 12-16, as well as numerous other 
places in the specification and drawings. In regard to claim 27, this claim has been 
amended to change the form of how the untrusted parsing means is claimed. More 
specifically, the untrusted parsing means is in means-plus-function format to more 
clearly indicate that it is intended to be interpreted under 35 U.S.C. §112, sixth 
paragraph. No new matter has been entered as a result of these amendments. 
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3. Priority/Drawings 

Applicants hereby note with appreciation that an acknowledgment for priority 
has been made in the last Office Action and that the formal drawings have been 
approved. 

4. Rejection under 35 U.S.C. $102 of claims 21-26 and 28 

Claims 21-26 and 28 have been rejected under 35 U.S.C. § 102(b), as being 
anticipated by Atalla (U.S. Patent No. 4,315,101). This rejection is respectfully 
traversed. 

With initial reference to claim 21, step (a) refers to, upon log on by a user, 
assigning a process identifier to the user in the trusted computing environment. The 
Examiner has argued on page 5 of the Office Action that this particular limitation is 
anticipated by the Atalla reference by an authorized person introducing his PIN via a 
keyboard. The Examiner refers to column 6, lines 58-60, as well as Figure 6, items 
87 and 83. While the Applicant will concede that logging into a system is known, 
Applicant would note that this particular portion of the claim is indicating a time 
sequence. In other words, something occurs upon log on by a user. The prior art 
shows no such assigning of a process identifier upon login. Next, the Examiner 
alleges that the portion of the claim "assigning a process identifier to the user in the 
trusted computing environment" is anticipated by the disclosure in column 7, lines 35- 
43 and Figure 6, items 97 and 101. Column 7, lines 35-43 reads as follows: "The PIN 
thus regenerated from information accessed out of the computer memory 96 and the 
transmitted MSGE and SEQ. NO. received at the remote location are encrypted in 
module 97 which operates according to exactly the same algorithm as is used in 
module 83 on the two input signals that are applied in exactly the same format as is 
applied to module 83. The resulting TRAC 99 and ACK-TRAC 101 outputs appear 
as a composite N-bit output in the same format as the outputs of module 83." 
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As we can see from the quoted portion of the Atalla patent, item 97 is actually 
an encryption module which can be best seen in Figure 6, while item 101 refers to an 
ACK-TRAC or acknowledgment-transfer authorization code signal which is produced 
in encryption module 97. It is completely unclear from the Examiner's rejection as to 
what the Examiner is considering a "process identifier." Presumably, the encryption 
module 97 is not because it is more correctly characterized as the processing 
electronic component, such as a computer or CPU. Presumably the ACK-TRAC 
signal from encryption module 97 is what the Examiner is reading as a "process 
identifier." It should be noted that the keyboard 87 actually inputs the PIN into 
encryption module 83, not into encryption module 97. Regardless, the ACK-TRAC 
signal is not assigned by encryption module 97 upon a user logging on. 

Further, it is unclear what the Examiner considers to be the trusted computer 
environment. Presumably, the Examiner is referring to correspondent office A in the 
Atalla patent, however this point is not clear. The trusted computing environment 
recited in claim 2 1 refers to a very specific type of software running within the 
computer itself. Applicants respectfully submit no such trusted computing 
environment as claimed is present in the prior art. 

Turning now to the limitation of step (b) in claim 21 regarding the storing of 
the assigned process identifier in trusted memory, the Examiner refers to column 9, 
lines 26-34 of the Atalla patent which apparently indicates to the Examiner that an 
assigned process identifier is put in trusted memory. No specific memory is explicitly 
disclosed and it is unclear where in the drawings of the Atalla patent such a memory 
exists. However, even if one were to accept a memory existed to store audible 
records, nowhere does Atalla indicate that such a memory is a "trusted memory." 
Applicants respectfully submit that since a "trusted memory" is not present in the 
prior art, claim 2 1 should be allowed. 

The Examiner then indicates in relation to step (c) of claim 2 1 that 
establishing a trusted path between the user and the trusted computing environment is 
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anticipated by an authorized person introducing his PIN to produce an input in a 
module to establish a trusted path and refers to column 6, lines 43-49 and 58-60 of the 
Atalla patent. Presumably, the Examiner is using the encrypted path from 83 to 
comparator 107 in Atalla to allege anticipation of a trusted path, but again such a 
connection between the language of claim 21 and the prior art cannot be made. 

Regarding limitation (d), "through the trusted path, displaying the process 
identifier", the Examiner relies on the completion of directions as a process identifier, 
such as "pay invoice number" or "money out." In Atalla, presumably, a first user 
would be assigned to "pay invoice number" and a second one might be assigned 
"money out" etc. However, this type of process identifier is not assigned to the user, 
but rather establishes the type of process. 

Finally, in relation to limitation (e) "upon the user's, subsequent entry into the 
trusted environment, displaying the process identifier to the user through the trusted 
path", the Examiner indicates that displaying the process identifier to the user through 
the trusted path and enabling an authorized individual to control a transaction with the 
aid of previously established files in a correspondent office is present in the prior art 
and refers to Atalla column 8, lines 31-44. Presumably, the Examiner is implying 
that, in Atalla, upon subsequent entry into the trusted environment, the process 
identifier of "pay invoice number" or "money out" is immediately displayed to the 
user. However, it would appear from a reading of Atalla most generous to the 
Examiner that only after entry into the alleged trusted computing environment and 
upon completion of certain directions or of a transaction would a pay invoice number 
or money out signal be returned to the user. As stated above, claim 21 has been 
amended to indicate that the method steps are to be conducted in sequence and, 
furthermore, that the process identifier is displayed "automatically" upon the user's 
subsequent entry into the trusted environment so as to assure the user that the trusted 
path has been established. Given that the Examiner's interpretation of the Atalla 
reference refers to audit records that may be displayed upon a user's subsequent entry 
into the alleged trusted computing environment if the user were to ferret out such 
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audit records, Applicants respectfully submit that this interpretation is not valid given 
that claim 21 recites the process identifier must now be automatically displayed upon 
the user's subsequent entry into the trusted computing environment whereas, in 
Atalla, such audit records previously relied on in the Examiner's rejection could not 
be so applied since the audit records mentioned in Atalla are not automatically 
displayed upon the user's subsequent entry into the alleged trusted computing 
environment. 

5, Rejection under 35 U.S.C. §102(b) of claim 27 

Claim 27 has been rejected under 35 U.S.C. § 102(b) or, in the alternative, 
under 35 U.S.C. §103(a) as being obvious over Atalla (U.S. Patent No. 4,315,101), in 
view of National Institute of Standards in Technology, "DES modes of operation." 
This rejection is respectfully traversed for the following reasons. 

Initially, the Examiner is requested to examine this claim in accordance with 
35 U.S.C. §112, sixth paragraph means-plus-function format. The claim includes 
several such limitations. The untrusted parsing means for generating a trusted parsed 
command recited in claim 27 essentially is a parser residing in the general untrusted 
operating system 20 which may parse a trusted command string and convert it to a 
binary representation. Parsers typically check syntax and semantics and prompt for 
missing parameters. While parsing strategies were well-known in the art at the time 
of the invention, the use of an untrusted parser in trusted software systems was 
unknown. Due to the complex nature of parsing, large amounts of computer code are 
generally associated with this activity. Prior art trusted software systems have 
included a parser for trusted commands and thus placed the code within the trusted 
computing base. In these systems, every trusted command was parsed and executed 
exclusively by trusted code. The inclusion of the parsing code in the trusted 
computing base was required as necessary for proper system operation. See 
supporting disclosure at page 34, lines 18-24, page 35, lines 1-5 and page 9, lines 18 
through page 10, line 5 of the applicants' specification. 
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In rejecting claim 27, the Examiner refers in his Office Action to Atalla, 
column 6, lines 50-57 and Figures 5a and 5b items MSGE and 83 which is a message 
indicating the type of transaction supplied to the encryption algorithm module. The 
Examiner also refers to column 4, lines 50-59, and column 6, lines 60-64 when 
incorporating the National Bureau of Standards encryption-decryption algorithm. 
However, the Examiner has not indicated what the Examiner considers to be the 
untrusted means for parsing in Atalla. Presumably, the Examiner is referring to 
encryption module 83 as an untrusted parser and implies that the encryption algorithm 
can somehow be considered a parsing operation. Applicants respectfully submit that 
the encryption module 83, or encryption modules 97 and 1 13 as shown in Figure 6 of 
Atalla, is part of a trusted computer environment as it contains the codes that encrypt 
the various messages to be sent. It should be noted that the next limitation in claim 27 
is a trusted means for receiving the parsed command via a trusted path. In regard to 
this limitation, the Examiner refers to Atalla, column 7, lines 1-7, Figure 6 and item 
89, disclosing transmitting an encrypted message as a TRAC signal over a data link 
and refers to column 9, lines 29-34 disclosing that instructions required to command a 
transaction are submitted with substantial security against errors and unauthorized 
alterations, along with ample provisions for auditable records of the transaction. 
Once again, the Examiner has not indicated precisely what the "trusted means" in 
Atalla includes. However, it would appear at least the trusted path is being indicated 
by the Examiner as item 89. Presumably, therefore, the Examiner is holding 
comparator 1 03 as being the trusted means for receiving the encrypted command. It 
should be noted that, according to the invention recited in claim 27, the totality of the 
protection mechanism within the computer system, including hardware, software and 
firmware (the combination of which is responsible for enforcing a security policy), is 
commonly known as a trusted computer base and, in this case, is the supporting 
disclosure for the trusted means for receiving a parsed command via a trusted path. In 
the instant case, the trusted computer base or trusted means for receiving the parsed 
command via a trusted path is shown as trusted computing base 10 and resides at the 
core of the computing system. See, for example, Figure 1. More specifically, the 
command conveyor 14 obtains and copies a binary representation of the trusted 
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command into protected memory, then puts it in a global data structure that supports 
the user process associated with the terminal in question. See Applicants 5 
specification page 20, lines 6-14 and page 35, lines 7-16. The means for displaying 
the representation of the parsed command to the user for verification essentially 
correlates with the SSVR or the secure server 12 as noted on page 42, lines 1-7. The 
trusted means for executing the verified parsed command correlates with the trusted 
computing base 10 which executes the command in a conventional manner. See page 
47, lines 8-10. In summary, the Atalla reference does not disclose an untrusted 
parsing means to generate a parsed command, but rather discloses a trusted parsing 
means to generate a parsed command. Therefore, this prior art does not anticipate or 
render obvious claim 27. 

Included with this amendment filed with the RCE, new claims 29-40 have 
been added to the application. In general, claims 29 and 30 set forth apparatus 
limitations corresponding to those presented in the method claims. Claims 31-34 set 
forth additional claims presented during the prosecution of the corresponding foreign 
application resulting in European Patent No. EP 0 443 423 Bl granted on this 
invention and, more specifically, set forth means-plus-function limitations 
corresponding to claims 17-20 in the European application. Finally, dependent claims 
35-40 have been added based on changes made to prior presented claims 24-26 to 
remove multiple dependencies. Therefore, these dependent claims merely encompass 
the prior claim structure without utilizing multiple dependent claims. 
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In view of the amendments made to the claims, the discussions and 
agreements made with the Examiner, and the above remarks, allowance of this 
application is respectfully requested. If the Examiner should have any concerns 
regarding this Amendment/Response, he is cordially invited to contact the 
undersigned at the number provided below. 



Date: September 17, 2004 
DIEDERIKS & WHITELAW, PLC 

12471 Dillingham Square, #301 
Woodbridge, VA 22192 
Tel: (703)583-8300 
Fax: (703) 583-8301 



Respectfully submitted, 




Nicholas S. Whitelaw 
Attorney for Applicants 
Registration No. 36,418 
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